CVE-2026-31817

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file path, allowing an attacker to use directory traversal sequences (e.g., ../../../) to write files to arbitrary locations on the filesystem. This vulnerability is fixed in 3000.11.2.

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.1 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://github.com/OliveTin/OliveTin/security/advisories/GHSA-364q-w7vh-vhpc	Exploit Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:olivetin:olivetin:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-10 22:16

Updated : 2026-03-12 18:12

NVD link : CVE-2026-31817

Mitre link : CVE-2026-31817

CVE.ORG link : CVE-2026-31817

JSON object : View

Products Affected

olivetin

olivetin

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-31817", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.7, "exploitabilityScore": 3.1}]}, "published": "2026-03-10T22:16:19.167", "references": [{"url": "https://github.com/OliveTin/OliveTin/security/advisories/GHSA-364q-w7vh-vhpc", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file path, allowing an attacker to use directory traversal sequences (e.g., ../../../) to write files to arbitrary locations on the filesystem. This vulnerability is fixed in 3000.11.2."}, {"lang": "es", "value": "OliveTin da acceso a comandos shell predefinidos desde una interfaz web. Antes de la versi\u00f3n 3000.11.2, cuando la funci\u00f3n saveLogs est\u00e1 habilitada, OliveTin persiste las entradas del registro de ejecuci\u00f3n en el disco. El nombre de archivo utilizado para estos archivos de registro se construye en parte a partir del campo UniqueTrackingId proporcionado por el usuario en la solicitud de la API StartAction. Este valor no se valida ni se sanea antes de ser utilizado en una ruta de archivo, lo que permite a un atacante utilizar secuencias de salto de directorio (por ejemplo, ../../../) para escribir archivos en ubicaciones arbitrarias del sistema de archivos. Esta vulnerabilidad se corrige en la versi\u00f3n 3000.11.2."}], "lastModified": "2026-03-12T18:12:18.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:olivetin:olivetin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E567D99A-8144-49A6-B3A5-D5ADC096809A", "versionEndExcluding": "3000.11.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}